mod_c2s: Disconnect accounts when they are disabled We decided that at the first stage, accounts that are disabled should simply be prevented from authenticating, thus they should also be prevented from having connected sessions. Since this is aimed to be a moderation action for cases of abuse, they shouldn't be allowed to continue being connected.

core.usermanager: Fire events when enabling and disabling users Allow modules to act on this state change, e.g. kick accounts etc.

core.usermanager: Add methods for enabling and disabling users Calling into the auth module, where available.

core.usermanager: Add Teal description file

mod_auth_internal_hashed: Implement methods to enable and disable users

mod_auth_internal_hashed: Implement is_enabled() method Uses 'disabled' property already introduced in aed38948791f

mod_auth_internal_hashed: Add stub methods for enabling and disabling users But how and where?

mod_auth_internal_hashed: Refactor to prepare for disabling users Moving this out will make space for a dynamic check whether a particular user is disabled or not, which is one possible response to abuse of account privileges.

Merge 0.12->trunk

util.prosodyctl.check: Suggest 'http_cors_override' instead of older CORS settings The cross_domain_* settings were added here prior to http_cors_override being added back in 17d87fb2312a, so for a time there was no replacement, but now there is.